New Phishing Attacks Target Metamask, Again

DeFi Editors' Choice
New Phishing Attacks Target Metamask, Again

A new attempt has been made to impersonate Metamask and hack the accounts of users. 

Impersonating Metamask Support

Cyber-criminals will stop at nothing to rid unsuspecting victims of their money. In a new tweet by wallet Guard, the company announced that users had notified them that they had been receiving phishing emails from a fake Metamask account.

In this recent phishing attack on Metamask, the campaign impersonates Metamask’s support. It sends emails to users who are potential victims to notify them that their wallet has failed to complete the new Ethereum update. Therefore, they need to merge their accounts before September 30, 2022, or lose all their assets on the platform. This is not the first time that Metamask has been the target of phishing attacks.

To deter some of these attempts, crypto wallets have created measures to help their users secure their accounts better. Crypto wallets like Brave have integrated anti-phishing crypto scam detectors to protect their users from phishers. Metamask also introduced a privacy mode designed to help increase security for Ethereum wallet accounts.

How To Stay Safe

Regardless of these features and security measures integrated into the systems, hackers still develop new attempts to perpetrate their crimes. 

Cybercriminals will not stop attempting to defraud people. You have to know how not to be a victim. Here are some steps to help you verify if you are about to be scammed and secure your account from criminals: 

Verify Domain Credentials 

When you receive emails that attempt to make you perform an action on your account or make serious claims about your account, ignore the embedded buttons or provided URLs and instead visit the platform directly from a new tab, log in to your account, and check for any alerts that require your attention. Don’t just immediately click on a link, no matter how urgent the message claims to be. Always take the time to verify that the credentials of the domain you are about to enter are correct.

Always Enable Multi-factor Authentication

Make sure that multi-factor authentication (MFA) is on all your online accounts where the security measure is given as an option. MFA employs multiple factors to verify authorized access to your account. This provides added security and helps to reduce the risk of an unlicensed party taking over your account.

Never Share Your Recovery Phrase on Any Website

If you are a user of any locally installed crypto wallet like Metamask or Coinbase Trustwallet, never share your recovery phrase on any website for any reason. No legitimate website would ask for your recovery phrase.

As a note, users don’t need to do anything for the merge. The merge upgrade doesn’t require the input of users or their accounts. The fake Metamask website is a clone of the main website and looks identical. Always carefully take a look at the web address before performing any task on the website.